On Wed, Oct 15, 2014, Russell Selph wrote: > Apologies if this is a duplicate post. I tried first via Google Groups, but > apparently it's read-only. ;-) > > Has anyone else built 0.9.8zc with FIPS 1.2.4? I've been unable to get a > build that passes the 'make test' phase. I'm using build scripts that > worked for 0.9.8.zb. (More details on the scripts below.) This is > happening on Linux RHEL5 (gcc 4.1.2), Mac OS X 10.9.5 (Xcode 6.0.1), as well > as Windows 7 (VS 2010). > > Off hand, it seems like this kind of failure could be accounted for by > something fundamental, such as an incompatible API change in libcrypto, or a > word size mismatch between the FIPS and the libssl builds. I'm about to > start digging through the diffs to get a handle on this, but I was wondering > if I'm alone in having this problem. Any information about experiences > positive or negative would be very helpful. >
The cause is a sanity check in exptest that x ** 0 mod 1 == 0. The BN library in OpenSSL itself was fixed to cover this case but the FIPS capable OpenSSL uses the BN library in the 1.2.x FIPS module which can't be fixed. See commit: 45d129511ff0b43be9a4271133c9ee22658ff07e This doesn't affect the normal operation of the FIPS modules so it can be ignored. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
